> Another concern is that users can grab _all_ of system memory> by having several processes do a 2GB mmap of /dev/zero...> This 'doesn't take any memory' so they can take up as much> (non-pageable) pagetable memory as they want.> In fact, this is the main reason people asked me if I could look> into this... This is one of the biggest denial-of-service holes> still left. (ssstt)